What should I be searching for?
I have a pix firewall and am using Kiwi sys logger and Kiwi viewer to read my firewall logs. I am looking for the guys that are doing pen testing on my firewall. what type of verbage should i search for?
%PIX-3-106011: Deny inbound (No xlate) tcp src outside:64.233.161.99/80 dst outside:208.243.37.132/1592
or maybe?
Deny tcp src outside:65.114.202.18/80 dst inside:208.243.37.132/2616 by access-group "inbound"
please help?